From: Jakub Zelenka Date: Sun, 6 Sep 2015 15:39:59 +0000 (+0100) Subject: Fix bug #60632: openssl_seal fails with AES X-Git-Tag: php-5.6.14RC1~9 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d47029167dfc2184f9a630a75a55e145bff8b017;p=php Fix bug #60632: openssl_seal fails with AES --- diff --git a/NEWS b/NEWS index 0a2103ea3b..7d4206ee98 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,7 @@ PHP NEWS . Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource). (Jakub Zelenka) . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb) + . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka) - PDO: . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index cc86f0440f..de5a7d4c58 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4871,6 +4871,10 @@ PHP_FUNCTION(openssl_seal) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm."); RETURN_FALSE; } + if (EVP_CIPHER_iv_length(cipher) > 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Ciphers with modes requiring IV are not supported"); + RETURN_FALSE; + } } else { cipher = EVP_rc4(); } diff --git a/ext/openssl/tests/bug60632.phpt b/ext/openssl/tests/bug60632.phpt new file mode 100644 index 0000000000..c718fed6db --- /dev/null +++ b/ext/openssl/tests/bug60632.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #60632: openssl_seal fails with AES +--SKIPIF-- + +--FILE-- + 'sha256', + 'private_key_bits' => 1024, + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + 'encrypt_key' => false +)); +$details = openssl_pkey_get_details($pkey); +$test_pubkey = $details['key']; +$pubkey = openssl_pkey_get_public($test_pubkey); +$encrypted = null; +$ekeys = array(); +$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC'); +echo "Done"; +?> +--EXPECTF-- +Warning: openssl_seal(): Ciphers with modes requiring IV are not supported in %s on line %d +Done